pipeline {
    agent any

    environment {
        REGISTRY = "192.168.108.200" 
        APP_NAME = "ecommerce-app" 
        IMAGE_NAME = "ecommerce-backend"
        IMAGE_TAG = "${REGISTRY}/library/${IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
        NAMESPACE = "ecommerce"
        CONTAINERD_ADDR = "/run/containerd-pod/containerd.sock"
    }

    stages {
        stage('Build Image') {
            steps {
                script {
                    // We run everything in ONE sh block to maintain the session
                    sh """
                    # 1. Install binaries if they are missing
                    if ! command -v buildkitd >/dev/null; then
                        curl -L https://github.com/moby/buildkit/releases/download/v0.12.5/buildkit-v0.12.5.linux-amd64.tar.gz | tar -xz -C /usr/local/bin/ --strip-components=1
                        ln -sf /usr/local/bin/buildctl /usr/bin/buildctl
                    fi

                    # 2. Setup Sockets
                    mkdir -p /run/buildkit /run/buildkit-default
                    
                    # 3. Start BuildKit in the background specifically for this session
                    export JENKINS_NODE_COOKIE=dontKillMe
                    nohup buildkitd --addr unix:///run/buildkit/buildkitd.sock --addr unix:///run/buildkit-default/buildkitd.sock > /tmp/buildkitd.log 2>&1 &
                    
                    # 4. Wait for socket with a simple check
                    echo "Waiting for BuildKit socket..."
                    for i in \$(seq 1 20); do
                        if [ -S /run/buildkit/buildkitd.sock ]; then
                            echo "Socket is READY."
                            break
                        fi
                        sleep 1
                    done

                    # 5. Execute the build immediately in the same step
                    export BUILDKIT_HOST=unix:///run/buildkit/buildkitd.sock
                    nerdctl --address ${CONTAINERD_ADDR} build --insecure-registry -t ${IMAGE_TAG} .
                    """
                }
            }
        }

        stage('Push to Harbor') {
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: 'harbor-creds', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
                        sh """
                        echo '${PASS}' | nerdctl --address ${CONTAINERD_ADDR} login ${REGISTRY} -u ${USER} --password-stdin --insecure-registry
                        nerdctl --address ${CONTAINERD_ADDR} push ${IMAGE_TAG} --insecure-registry
                        """
                    }
                }
            }
        }

        stage('Deploy to K8s') {
            steps {
                script {
                    withCredentials([file(credentialsId: 'k8s-config', variable: 'KUBECONFIG')]) {
                        sh """
                        kubectl --kubeconfig=${KUBECONFIG} patch deployment ${APP_NAME} -n ${NAMESPACE} --patch \
                        '{"spec": {"template": {"spec": {"containers": [{"name": "${APP_NAME}", "image": "${IMAGE_TAG}", "imagePullPolicy": "Never"}]}}}}'
                        """
                        sh "kubectl --kubeconfig=${KUBECONFIG} rollout status deployment/${APP_NAME} -n ${NAMESPACE}"
                    }
                }
            }
        }
    }
}